Site icon IT World Canada

Canadian energy provider Suncor among firms vowing to increase cyber resiliency

Calgary-based oil sands developer Suncor Energy and cybersecurity provider Check Point Software are among 18 energy and technology-related firms that have vowed to improve their cybersecurity resiliency at the annual gathering of the World Economic Forum (WEF).

The announcement that the companies have agreed to the Cyber Resilience Pledge to enhance cybersecurity throughout their systems was made this morning from Davos, Switzerland, where the annual meeting of the discussion group is taking place.

“The action is in response to major security breaches in the past two years that have highlighted the vulnerability of critical infrastructure,” the forum said in a news release.

Separately the federal ministry of Natural Resources announced support for a cybersecurity incident response playbook (see below).

One high-profile energy sector breach was last year’s ransomware attack on the IT systems of Colonial Pipelines in the U.S., which forced the company to temporarily shut operations. That caused huge lineups for gasoline across the U.S. east coast. More recently, the forum notes, there have been cyberattacks on the Amsterdam-Rotterdam-Antwerp (ARA) oil refining hub and on two German energy firms.

In March the U.S. charged four Russians with allegedly being involved in attacks on the energy sector between 2012 and 2018. (See this news release for more detail)

Related content: Threat actors have new tools for attacking ICS, SCADA devices, say US cyber agencies

The forum first began developing a resiliency pledge for the energy sector in 2020. Last year the forum released a cyber resilience playbook for the oil and gas sector.

Organizations that agree to the non-binding pledge promise to

The initial companies agreeing to the pledge are Aker ASA, a Norwegian industrial investment company with ownership interests concentrated in oil and gas; Aker BP; Saudi Aramco, which suffered a huge wiperware attack in 2012; Check Point Software Technologies; Claroty, which specializes in IoT cybersecurity; Cognite, a Norwegian industrial IT company; Dragos, and industrial IoT cybersecurity provider; Ecopetrol of Columbia; Italian energy provider Eni; EnQuest, Galp, the Global Resilience Federation, Maire Tecnimont, an Italian engineering firm in the energy sector; Occidental Petroleum; OT-ISAC, the Singapore-based Operational Technology Information Sharing and Analysis Center; Malaysia-based energy provider Petronas; Repsol, an energy provider in Spain; and Suncor, which also owns the Petro-Canada gas chain.

“First endorsed by key CEOs in the oil and gas value chain, the Cyber Resilience Pledge is a landmark step as it signals recognition of the complexities of building a cyber-resilient industry ecosystem and a commitment towards collective action to achieve it,” said Alexander Klimburg, head of the WEF’s Centre for Cybersecurity.

The Canadian federal government has several initiatives in place to strengthen cybersecurity in the energy sector.

Today it announced a $156,514 investment in a Canadian engineering company’s playbook that provides instructions and guidelines which energy sector organizations can leverage to counter and recover quickly from cyber attacks. A government spokesperson said the money was for the creation of the playbook

Created by the Canadian consulting engineering firm BBA, the Industrial Automation and Control Systems (IACS) Cyber Security Incident Response Playbook relies on industry best practices to provide for strong cyber security responses to ensure organizations are prepared to react systematically during times of emergency. In 2020 Ottawa selected BBA to create a methodology for assessing cyber risks for industrial control systems.

Exit mobile version